Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:FrontRunner
ant.23494
ant-CVE-2020-1945-5.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File ant-CVE-2020-1945-5.patch of Package ant.23494
From 926f339ea30362bec8e53bf5924ce803938163b7 Mon Sep 17 00:00:00 2001 From: Stefan Bodewig <bodewig@apache.org> Date: Sun, 10 May 2020 15:07:05 +0200 Subject: [PATCH] recommend using ant.tmpdir --- manual/running.html | 7 +++++++ 1 file changed, 7 insertions(+) Index: apache-ant-1.10.7/manual/running.html =================================================================== --- apache-ant-1.10.7.orig/manual/running.html +++ apache-ant-1.10.7/manual/running.html @@ -524,6 +524,16 @@ on the platform and the JVM implementati changed API of Ant 1.10.8.</p> +<p><b>Security Note:</b> Using the default temporary directory +specified by <code>java.io.tmpdir</code> can result in the leakage of +sensitive information or possibly allow an attacker to execute +arbitrary code. This is especially true in multi-user environments. It +is recommended that <code>ant.tmpdir</code> be set to a directory +owned by the user running Ant with 0700 permissions. Ant 1.10.8 and +later will try to make temporary files created by it only +readable/writable by the current user but may silently fail to do so +depending on the OS and filesystem.</p> + <h2 id="cygwin">Cygwin Users</h2> <p> Unix launch script that come with Ant works correctly with Cygwin. You
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor